Risk of Wiper Malware Attacks by Iranian Threat Actors Increasing

The Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning after a surge in cyberattacks by ‘Iranian regime actors’.

Christopher C. Krebs issued the warning as tensions rise between Iran and the United States. Iran was accused of planting magnetic mines to damage commercial shipping vessels. Iran also shot down a U.S. surveillance drone flying over the Strait of Hormuz, claiming that the drone was over Iranian territory.

The U.S. planned an air strike, but President Trump called it off to avoid the probable loss of life. Even so, the U.S. proceeded with a strike in cyberspace. It was reported that U.S. Cyber Command attacked the Islamic Revolutionary Guard Corps, an Iranian intelligence group thought to have been behind the mine-planting operation. According to a recent Washington Post report, the cyberattacks impaired the group’s command and control system used for launching missiles and rockets.

Iranian threat actors are very active, and cyberattacks on U.S. industries and government institutions are increasing. Although cyberattacks take many forms, Iranian threat actors are known to use wiper malware. Besides stealing information and money, the attackers use the malware to wipe systems clean and take entire networks offline.

The United States considers Iran one of three countries with capable threat actors engaged in economic espionage, stealing trade secrets and confidential information. Iranian hackers are also capable of carrying out destructive cyberattacks.

Iranian hackers were responsible for the SamSam ransomware attacks on healthcare companies. They are also believed to be behind the 2012 cyberattack on Saudi Aramco, the Saudi Arabian oil company, in which the attackers used the Shamoon wiper malware to wipe thousands of devices.

Wiper attacks have caused considerable harm. In 2017, the NotPetya wiper malware attacks led to $4 billion to $8 billion in global financial losses; the attack on the shipping company Maersk alone cost an estimated $300 million. A recent Carbon Black report states that 45% of healthcare CISOs have experienced a wiper malware attack in the last 12 months.

Although these hackers are highly capable, they still rely on basic methods, such as phishing and spear phishing, password spraying, social engineering, and credential stuffing, to exploit weaknesses and gain access to networks.

All of these attack methods can be blocked with basic cybersecurity controls: strong passwords, changing default passwords, rate limiting on logins, applying the principle of least privilege when setting user permissions, multi-factor authentication, closing unused ports, disabling RDP, prompt patching, a robust backup strategy, and security awareness training for employees.
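Several of the techniques named above (password spraying, credential stuffing, brute-force logins) leave a distinctive footprint in authentication logs, and spotting that footprint is how the rate-limiting and monitoring controls listed here get operationalized. The following is an added example, not code from the article or from CISA: it parses a constructed, simplified auth log format (`<timestamp> OK|FAIL user=<name> src=<ip>`; assumed, not any vendor's real format) and flags a source as a spray (many distinct accounts, few attempts each) or a brute-force attempt (many attempts against one account) within a sliding window, then lists flagged sources that subsequently logged in successfully, which is the case an analyst should look at first. The thresholds and the sample log lines are constructed for illustration.

```python
"""Flag password-spraying and brute-force patterns in (constructed) auth log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format for this example: "<ISO timestamp> OK|FAIL user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample data (documentation IP ranges, fictional users), not a real capture.
SAMPLE_LOG = """\
2019-07-01T09:00:01 FAIL user=alice src=203.0.113.10
2019-07-01T09:00:02 FAIL user=bob src=203.0.113.10
2019-07-01T09:00:03 FAIL user=carol src=203.0.113.10
2019-07-01T09:00:04 FAIL user=dave src=203.0.113.10
2019-07-01T09:00:05 FAIL user=erin src=203.0.113.10
2019-07-01T09:00:06 OK user=frank src=203.0.113.10
2019-07-01T09:10:00 FAIL user=alice src=198.51.100.7
2019-07-01T09:10:01 FAIL user=alice src=198.51.100.7
2019-07-01T09:10:02 FAIL user=alice src=198.51.100.7
2019-07-01T09:10:03 FAIL user=alice src=198.51.100.7
2019-07-01T09:10:04 FAIL user=alice src=198.51.100.7
2019-07-01T09:10:05 FAIL user=alice src=198.51.100.7
2019-07-01T09:30:00 FAIL user=bob src=192.0.2.44
2019-07-01T09:30:30 OK user=bob src=192.0.2.44
"""


def parse_log(text):
    """Turn log text into a list of event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "OK",
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_login_abuse(events, window=timedelta(minutes=5), spray_users=5,
                       brute_attempts=5):
    """Return {src: verdict} for each source that crosses a threshold in some window.

    'spray'       : failures against >= spray_users distinct accounts
    'brute_force' : >= brute_attempts failures against a single account
    Thresholds are illustrative assumptions; tune them to the environment.
    """
    by_src = defaultdict(list)
    for e in events:
        if not e["ok"]:
            by_src[e["src"]].append(e)
    verdicts = {}
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e["ts"])
        for i, start in enumerate(fails):
            # Sliding window anchored at each failure from this source.
            in_window = [e for e in fails[i:] if e["ts"] - start["ts"] <= window]
            per_user = defaultdict(int)
            for e in in_window:
                per_user[e["user"]] += 1
            if len(per_user) >= spray_users:
                verdicts[src] = "spray"
                break
            if max(per_user.values()) >= brute_attempts:
                verdicts[src] = "brute_force"
                break
    return verdicts


def successes_after_abuse(events, verdicts):
    """(src, user) pairs where a flagged source later authenticated successfully.

    A success following a spray or brute-force run is the highest-priority case:
    it may mean a password was guessed and the account should be checked and reset.
    """
    first_fail = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if not e["ok"]:
            first_fail.setdefault(e["src"], e["ts"])
    return [
        (e["src"], e["user"])
        for e in events
        if e["ok"] and e["src"] in verdicts and e["ts"] > first_fail[e["src"]]
    ]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    found = detect_login_abuse(evs)
    for src, verdict in found.items():
        print(f"{src}: {verdict}")
    for src, user in successes_after_abuse(evs, found):
        print(f"ALERT: {src} logged in as {user} after being flagged")
```

Run against the sample, the first source is flagged as a spray (one attempt each against five accounts) and the second as brute force (six attempts against one account), while the third, a single failure followed by a success, is left alone; the spraying source's later successful login as `frank` is surfaced as the item to triage first. The same logic maps directly onto the rate-limiting control: a login handler that counts failures per source and per account over a window, and refuses further attempts past the threshold, would stop both patterns before they succeeded.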

Krebs cautioned all U.S. markets, government institutions, and businesses to be alert to the risk of cyberattacks. Any suspicious incident should be taken seriously and acted on immediately.